NowSecure Workstation is a preconfigured hardware and software kit enabling mobile app security analysts to quickly and thoroughly assess vulnerabilities on real iOS and Android devices, with integrated testing and reporting.

Key Features

Automated and Manual Mobile App Security Testing

• Automated static, dynamic, and interactive application security testing (SAST/DAST/IAST)
• API security testing to identify vulnerabilities in backend APIs
• Built-in wizard-driven test harness with hundreds of preconfigured tests
• Hands-on, interactive testing for complex scenarios (MFA, CAPTCHA, IoT, Bluetooth, USB)
• Testing on real mobile devices (iOS and Android), not emulators

Reporting and Compliance

• Preformatted and customizable reporting for easy sharing and stakeholder communication
• Automated generation of actionable reports with vulnerability descriptions, CVSS 3.0 scoring, remediation recommendations, and regulatory mappings (PCI, CVE, CWE, NIAP, HIPAA, GDPR, FFIEC, OWASP MASVS)
• Regulatory compliance support for industry standards and certifications

Integration and Extensibility

• Leverages best-in-breed open-source tools (Frida, Radare, r2frida) and proprietary testing methodologies
• Extensible architecture for integrating additional tools or scripts preferred by analysts

Productivity and Control

• Repeatable, standards-based testing with customizable preferences for speed and consistency
• Analyst-directed, on-premises testing for maximum control and security
• Near-zero false positives for reliable results

Benefits

Efficiency and Speed

• Reduces mobile app security testing from weeks to hours
• Enables repeatable, consistent assessments across teams and projects

Comprehensive Coverage

• Full-coverage testing for vulnerabilities and sensitive data leakage on device, over the air, and at API endpoints
• Supports testing of complex app features and integration with IoT, Bluetooth, and USB devices

Actionable Results

• Prioritized findings by CVSS scores and mapped to industry standards
• Easy-to-understand remediation instructions and contextual evidence for developers and security teams

Security and Compliance

• Supports regulatory compliance for highly regulated industries (banking, healthcare, public sector, retail)
• Helps protect against supply chain attacks by vetting apps for security and privacy risks